Page 1
www.lrkimball.com - infosec@lrkimball.com - 412-201-4900
PRESENTATION TO: Southern Tier Library System
Funded through Federal Library Services and Technology Act Funds, Awarded to the New York State Library by the Federal Institute of Museum and Library Services. Administered by the Southern Tier Library System.
Page 2
Today’s Workshop
I. Introduction: Headlines, Paradox & Challenge
II. Information Security Attacks and Hackers
III. Types of Computer and Network Attacks
IV. Countermeasures (Personnel and Technology)
V. Miscellaneous Tips
VI. Discussion and Conclusion
Page 3
Section I
Headlines, Paradox and Challenges
Page 4
What is Information Security?
The concepts, techniques, technical measures, and administrative measures used to protect information assets from deliberate or inadvertent unauthorized acquisition, damage, disclosure, manipulation, modification, loss, or use.
Page 5
Section III
Types of Computer Attacks
Page 7
Types of attacks
Denial of Service (DoS) Attacks
Website Defacement
Viruses and Worms
Data sniffing and Spoofing
Unauthorized Access
Malicious Code and Trojans
Port-scanning and Probing
Wireless Attacks
Page 8
Website Defacement
Increasing tremendously: experts no longer keep records of defaced sites because they could not keep up
60% of larger U.S. businesses expect to be attacked next year; only 45% are prepared to respond
Attacker probes web services through a normal Internet connection
Attacker modifies the site’s HTML or Java code, which changes the website or web storefront
Conducted using free “hacking” software easily downloaded from the Internet
Page 9
Unauthorized Access
Can be accomplished over any connection to a computer or network using most services (Telnet, FTP, HTTP/Web, e-mail, etc.)
Must somehow compromise authentication (password, token, PIN, smart card) to gain access
Once access is gained, malicious activity can occur
Unless internal auditing and access control are implemented, the access can go undetected for years
Page 12
Wireless Attacks
The Wired Equivalent Privacy (WEP) protocol cannot be trusted for security
Attackers can easily eavesdrop on or spoof wireless traffic
Hackers outside your building may be able to intercept and view all of your wireless traffic, despite encryption
Hacker tools are free and easily accessible via the web: AirSnort, WEPCrack, THC-RUT
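Why "despite encryption" holds for WEP, as an added example that is not part of the original slides: WEP seeds RC4 with a 24-bit initialization vector (IV) sent in the clear plus the shared key, so the IV space is exhausted or repeated within a few thousand frames, and two frames with the same IV are encrypted with the same keystream. An eavesdropper who can guess one frame's plaintext (a predictable HTTP request, say) XORs it against the ciphertext to recover the keystream and reads every other frame that reused that IV, without ever learning the key. AirSnort and WEPCrack use a different, statistical attack on the RC4 key schedule; the keystream-reuse flaw shown here is the simplest one. The key, IV and frame contents below are constructed for the demo.

```python
import math
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_body(plaintext: bytes) -> bytes:
    """WEP appends a CRC-32 integrity check value (ICV) to the payload before encrypting."""
    return plaintext + struct.pack("<I", zlib.crc32(plaintext))


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes):
    """Encrypt one frame: RC4 is seeded with IV || key, and the 24-bit IV travels in the clear."""
    body = wep_body(plaintext)
    return iv, xor(body, rc4_keystream(iv + wep_key, len(body)))


def recover_keystream(known_plaintext: bytes, ciphertext: bytes) -> bytes:
    """An eavesdropper who can guess one frame's plaintext learns the keystream for its IV."""
    return xor(wep_body(known_plaintext), ciphertext)


def decrypt_with_keystream(ciphertext: bytes, keystream: bytes) -> bytes:
    """Strip the keystream from another frame that reused the IV and verify its ICV."""
    body = xor(ciphertext, keystream)
    plaintext, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(plaintext)) != icv:
        raise ValueError("ICV mismatch: keystream too short or taken from a different IV")
    return plaintext


def expected_frames_until_iv_reuse(iv_bits: int = 24) -> int:
    """Birthday bound: frames a sniffer must capture before two share an IV with 50% probability."""
    return int(math.sqrt(2 * (2 ** iv_bits) * math.log(2)))


# Constructed demo traffic (not captured data): two frames that happen to reuse one IV.
WEP_KEY = b"\x0b\x1b\x2a\x3c\x4d"                  # hypothetical 40-bit key; the attacker never sees it
REUSED_IV = b"\x11\x22\x33"
FRAME_KNOWN = b"GET /catalog HTTP/1.0\r\n"          # plaintext the attacker can guess
FRAME_SECRET = b"patron=alice&pin=1234\r\n"         # same length; the frame the attacker wants


def demo_keystream_reuse() -> bytes:
    """Recover FRAME_SECRET from the air without learning WEP_KEY."""
    _, c_known = wep_encrypt(WEP_KEY, REUSED_IV, FRAME_KNOWN)
    _, c_secret = wep_encrypt(WEP_KEY, REUSED_IV, FRAME_SECRET)
    keystream = recover_keystream(FRAME_KNOWN, c_known)   # valid for every frame under this IV
    return decrypt_with_keystream(c_secret, keystream)


if __name__ == "__main__":
    print("frames until an IV repeats (50%):", expected_frames_until_iv_reuse())
    print("recovered:", demo_keystream_reuse())
```

The birthday figure (about 4,800 frames) is why a busy access point hands an attacker reusable keystreams within minutes; WPA2 and WPA3 replace this construction entirely.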
Page 15
Section IV
Countermeasures – Personnel and Technology
Page 16
Countermeasures
Personnel
– Security Policy and Procedures
– Training and Awareness
– Physical Security
– Dedicated Management
Technology
– Firewalls
– Intrusion Detection
– Virus Protection
– Authentication and Authorization
– Encryption
– Auditing and Assessment (Third Party)
– Data and Information Backup
Page 17
Personnel – Physical Security
Organizations should define physical security zones and implement appropriate preventative and detective controls in each zone to protect against the risks of:
– Physical penetration by malicious or unauthorized people
– Damage from environmental contaminants, and
– Electronic penetration through active or passive electronic emissions
Will mitigate the following attacks:
– Internal attacks (e.g. disgruntled employees)
Page 20
Personnel – Dedicated Management
Organizations need to demonstrate that they have Information Security controls in place through dedicated staff
Provides the framework to initiate, implement, maintain, and manage Information Security
Single point of contact for:
– Training and Awareness
– Policies and Procedures
– Physical Security Controls
– Technical Security Controls
– Administrative Security Controls
Will mitigate the following attacks:
– Internal attacks (e.g. disgruntled employees)
Page 21
Technology - Firewalls
A system or group of systems that enforces a network access control policy
Filters data packets entering and leaving the protected network
Strength relies on configuration: rules are evaluated in order, and one over-broad rule placed early can silently disable every rule after it
Governs the flow of data into and out of a Local Area Network
Separates a private network (LAN) from the public Internet
Will mitigate the following attacks:
– Denial of Service (DoS) attacks (only partly: a firewall can drop unwanted traffic but cannot absorb a flood that saturates the upstream link)
– Unauthorized Access
– Port-scanning and Probing
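What "strength relies on configuration" means in practice, as an added example rather than anything from the slides: a small first-match packet filter in Python with default deny, evaluated over two rulesets for a hypothetical library web server. The second ruleset contains the same intent as the first but places an "allow anything to the web server" rule first, so its Telnet block never fires. The `shadowed_rules` check flags exactly that class of mistake, which is the audit a practitioner runs on a real firewall policy. Addresses, rule names and packets are constructed for the demo.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    src: str = ANY               # CIDR or "any"
    dst: str = ANY
    proto: str = ANY             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None  # None matches every destination port

    @staticmethod
    def _net_match(pattern: str, addr: str) -> bool:
        return pattern == ANY or ip_address(addr) in ip_network(pattern)

    def matches(self, pkt: dict) -> bool:
        return (self._net_match(self.src, pkt["src"])
                and self._net_match(self.dst, pkt["dst"])
                and self.proto in (ANY, pkt["proto"])
                and self.dport in (None, pkt.get("dport")))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by this rule."""
        def net_covers(a: str, b: str) -> bool:
            return a == ANY or (b != ANY and ip_network(b).subnet_of(ip_network(a)))
        return (net_covers(self.src, other.src) and net_covers(self.dst, other.dst)
                and self.proto in (ANY, other.proto)
                and self.dport in (None, other.dport))


def evaluate(ruleset: list, pkt: dict, default: str = "deny") -> str:
    """First-match semantics, as in most packet filters; default deny when nothing matches."""
    for rule in ruleset:
        if rule.matches(pkt):
            return rule.action
    return default


def shadowed_rules(ruleset: list) -> list:
    """Names of rules that can never fire because an earlier rule already covers them."""
    return [rule.name for i, rule in enumerate(ruleset)
            if any(earlier.covers(rule) for earlier in ruleset[:i])]


# Constructed policy for a small library LAN (hypothetical addresses).
WEB_SERVER = "203.0.113.10/32"
LAN = "192.168.10.0/24"

GOOD_POLICY = [
    Rule("web-http",  "allow", dst=WEB_SERVER, proto="tcp", dport=80),
    Rule("web-https", "allow", dst=WEB_SERVER, proto="tcp", dport=443),
    Rule("no-telnet", "deny",  proto="tcp", dport=23),
    Rule("lan-out",   "allow", src=LAN),
]

# Same intent, but a permissive catch-all for the web server placed first.
BAD_POLICY = [
    Rule("web-any",   "allow", dst=WEB_SERVER),
    Rule("no-telnet", "deny",  dst=WEB_SERVER, proto="tcp", dport=23),
    Rule("web-http",  "allow", dst=WEB_SERVER, proto="tcp", dport=80),
]

TELNET_PROBE = {"src": "198.51.100.7", "dst": "203.0.113.10", "proto": "tcp", "dport": 23}
HTTP_REQUEST = {"src": "198.51.100.7", "dst": "203.0.113.10", "proto": "tcp", "dport": 80}
PATRON_DNS = {"src": "192.168.10.5", "dst": "198.51.100.53", "proto": "udp", "dport": 53}

if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, "telnet probe ->", evaluate(policy, TELNET_PROBE),
              "| shadowed:", shadowed_rules(policy))
```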
Page 22
Technology – Intrusion Detection Systems
Complements firewalls by detecting whether internal assets are being hacked or exploited
Network-based Intrusion Detection
– Monitors real-time network traffic for malicious activity
– Similar to a network sniffer
– Sends alarms for network traffic that matches known attack patterns or signatures
Host-based Intrusion Detection
– Monitors a computer’s or server’s files, processes, and logs for anomalies
– Sends alarms when host activity (for example a changed system file or a burst of failed logins) matches a predetermined attack signature
Will mitigate the following attacks (by detecting them early enough to respond; an IDS alerts, it does not block):
– Denial of Service (DoS) attacks
– Website Defacements
– Malicious Code and Trojans
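The two detection styles above side by side, as an added example and not code from the slides: a network-based detector that raises a port-scan alarm when one source touches many distinct ports on a host within a short window and matches a payload signature, and a host-based file-integrity check that compares a web root against a hashed baseline, which is how a defacement or a dropped trojan on the server shows up. The flow records, signatures and file contents are constructed for the demo; a real HIDS would read files from disk and a real NIDS would decode captured packets.

```python
import hashlib
from collections import defaultdict

# --- Network-based IDS over constructed flow records: (timestamp, src, dst, dport, payload) ---
SCANNER, TARGET, PATRON = "198.51.100.7", "203.0.113.10", "192.168.10.5"

FLOWS = (
    [(0.1 * i, SCANNER, TARGET, port, b"")                       # one host, 12 ports in about a second
     for i, port in enumerate((21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445))]
    + [(5.0, PATRON, TARGET, 80, b"GET /index.html HTTP/1.0"),   # ordinary browsing
       (6.0, SCANNER, TARGET, 80, b"GET /../../etc/passwd HTTP/1.0")]
)

# Constructed signatures: byte patterns that should never appear in legitimate requests.
SIGNATURES = {"directory-traversal": b"../", "shell-invocation": b"/bin/sh"}


def detect_port_scans(flows, threshold: int = 10, window: float = 10.0) -> list:
    """Alarm once per (src, dst) when a source hits >= threshold distinct ports within `window` seconds."""
    alerts, fired = [], set()
    history = defaultdict(list)                      # (src, dst) -> [(ts, dport), ...]
    for ts, src, dst, dport, _ in sorted(flows, key=lambda f: f[0]):
        key = (src, dst)
        history[key].append((ts, dport))
        recent_ports = {p for t, p in history[key] if ts - t <= window}
        if len(recent_ports) >= threshold and key not in fired:
            fired.add(key)
            alerts.append(f"port scan: {src} -> {dst} ({len(recent_ports)} ports in {window:.0f}s)")
    return alerts


def match_signatures(flows, signatures=SIGNATURES) -> list:
    """Alarm on any flow whose payload contains a known attack pattern."""
    return [f"{name}: {src} -> {dst}:{dport}"
            for _, src, dst, dport, payload in flows
            for name, pattern in signatures.items()
            if pattern in payload]


# --- Host-based IDS: file-integrity baseline over a (constructed) web root ---
WEB_ROOT = {
    "/var/www/index.html": b"<h1>Southern Tier Library</h1>",
    "/var/www/catalog.cgi": b"#!/bin/sh\necho hello\n",
}
DEFACED_ROOT = dict(WEB_ROOT)
DEFACED_ROOT["/var/www/index.html"] = b"<h1>0wned</h1>"        # defacement
DEFACED_ROOT["/var/www/shell.php"] = b"<?php system($_GET['c']); ?>"  # dropped web shell


def baseline(files: dict) -> dict:
    """Record a SHA-256 per path; store this somewhere the web server cannot write."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def integrity_check(baseline_hashes: dict, files: dict) -> list:
    """Report files modified, deleted or added since the baseline was taken."""
    current = baseline(files)
    alerts = []
    for path, digest in baseline_hashes.items():
        if path not in current:
            alerts.append(f"deleted: {path}")
        elif current[path] != digest:
            alerts.append(f"modified: {path}")
    alerts += [f"new file: {path}" for path in current if path not in baseline_hashes]
    return sorted(alerts)


if __name__ == "__main__":
    print(detect_port_scans(FLOWS))
    print(match_signatures(FLOWS))
    print(integrity_check(baseline(WEB_ROOT), DEFACED_ROOT))
```

The threshold and window are tuning knobs: too low and a busy patron workstation trips the scan alarm, too high and a slow scan spread over hours is missed, which is why real NIDS products keep per-source state across much longer windows.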
Page 23
Technology – Virus Protection
Software should be installed on all network servers as well as on workstations
Must be kept at the latest version, with current signature files (definitions of known viruses)
Should screen all software coming into your computer or network (files, attachments, programs, etc.)
Will mitigate the following attacks:
– Viruses and Worms
– Malicious Code and Trojans
Page 24
Technology – Authentication and Authorization
Authentication
– Comes in (3) forms: what you have, know, or are
– Have – smart card, token
– Know – password or PIN
– Are – fingerprint, retina scan
– Two-factor authentication is the strongest: (2) out of the (3) listed means (e.g. an ATM card plus its PIN)
– Password (most common)
Should be at least (8) mixed characters and numbers
Should be changed at least every (90) days
Should lock the account after (3) failed attempts
(Current NIST SP 800-63B guidance favors longer passphrases screened against known-breached lists over forced periodic changes; whichever rule your policy keeps, it is no substitute for a second factor)
Authorization
– What an individual has access to once authenticated
Will mitigate the following attacks:
– Unauthorized access
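The "know" and "have" factors combined with the lockout rule, as an added example that is not from the slides: passwords are checked against the length and character-mix policy and stored as salted PBKDF2 hashes, the "have" factor is a software token computing RFC 4226 HOTP / RFC 6238 TOTP (the same arithmetic a hardware token or phone authenticator performs), and the account locks after three failed attempts. Both factors are evaluated before the decision so a failure does not reveal which one was wrong. The secret below is the published RFC test key, used only so the one-time codes are reproducible; the account name and password are constructed.

```python
import hashlib
import hmac
import os
import struct
import time

MIN_PASSWORD_LENGTH = 8
MAX_FAILED_ATTEMPTS = 3                      # the slide's lockout after (3) attempts
RFC_TEST_SECRET = b"12345678901234567890"    # RFC 4226/6238 test vector key, not a real secret


def password_meets_policy(password: str) -> bool:
    """At least 8 characters mixing letters and digits, as the slide requires."""
    return (len(password) >= MIN_PASSWORD_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))


def hash_password(password: str, salt: bytes = None, iterations: int = 100_000):
    """Store a salted PBKDF2-SHA256 hash, never the password itself."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password: what the token computes."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the clock in 30-second steps."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits)


class Account:
    """Password ("know") plus time-based token ("have"), with lockout after repeated failures."""

    def __init__(self, username: str, password: str, token_secret: bytes):
        if not password_meets_policy(password):
            raise ValueError("password does not meet policy")
        self.username = username
        self.salt, self.password_hash = hash_password(password)
        self.token_secret = token_secret
        self.failed_attempts = 0
        self.locked = False

    def login(self, password: str, token_code: str, now: float = None):
        if self.locked:
            return False, "locked"
        # Evaluate both factors before deciding; the caller never learns which one failed.
        _, candidate = hash_password(password, self.salt)
        password_ok = hmac.compare_digest(candidate, self.password_hash)
        token_ok = hmac.compare_digest(token_code.encode(), totp(self.token_secret, now).encode())
        if password_ok and token_ok:
            self.failed_attempts = 0
            return True, "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked = True
            return False, "locked"
        return False, "invalid"


if __name__ == "__main__":
    acct = Account("patron", "Libr4ryS3c", RFC_TEST_SECRET)   # constructed account
    print(acct.login("Libr4ryS3c", totp(RFC_TEST_SECRET)))    # code from the "token"
```

Note that the lockout counter is what turns a guessable PIN into a real barrier: three tries against a four-digit PIN is a 0.03% success rate, whereas unlimited tries exhaust the PIN space in seconds.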
Page 25
Technology - Encryption
Protects data in transit or stored on disk
The act of enciphering and deciphering data with keys; without the appropriate key the data cannot be read
Common uses of encryption include the following technologies:
– Virtual Private Networking (VPN) – used to secure data transfer across the Internet
– Secure Sockets Layer (SSL) – used to secure client-to-server web-based transactions
– S/MIME – used to secure e-mail
– Wired Equivalent Privacy (WEP) protocol – used to secure wireless transactions (but, as noted under Wireless Attacks, WEP cannot be trusted; use WPA2 or WPA3 instead)
Will mitigate the following attacks:
– Data sniffing and spoofing
– Wireless attacks
Page 26
Technology – Assessment and Auditing
Assessment (Risk and Vulnerability)
– Process by which an organization identifies what needs to be done to achieve sufficient security
– Involves identifying and analyzing threats, vulnerabilities, attacks, and corrective actions
– Key driver in the Information Security process
– Should be conducted by a third party
– Includes manual and automated (vulnerability scanner) methods
Auditing
– Compares the state of a network or system against a set of standards or a policy
Will mitigate the following attacks:
– Identifies the weaknesses and vulnerabilities underlying all of the attacks mentioned
Page 27
Technology – Data and Information Backups
A must for disaster recovery and business continuity
Should include daily and periodic (weekly) backups
Should be stored off-site, at least (20) miles from the primary location, with 24x7 access
Should be kept for at least (30) days in a rotating set
Restores should be tested periodically; a backup that has never been restored is an assumption, not a control
Will mitigate the following attacks:
– Used to restore information compromised by any of the attacks mentioned
Page 28
Section V
Miscellaneous Tips
Page 29
Miscellaneous Tips
Perform a vulnerability assessment
– Provided by a third-party consultant
Use anti-virus software
– Should be present on every server and computer
– Consider extending the license for home use
– Get virus updates regularly
Install a firewall
– Block unused services, ports, and protocols
Teach all users “Safe Internet Skills”
Use strong authentication (8-character password, token, smart card, strong PIN)
Use encryption (VPN, secure e-mail, etc.) for sensitive information
Page 30
Section VI
Discussion and Conclusion